
md5-digest authentication and openldap

Question asked by graylion on Jun 1, 2011
Latest reply on Jul 5, 2011 by scouil
Hi

I have followed the wiki to set up authentication via LDAP.

The relevant section in my tomcat/shared/classes/alfresco-global.properties reads:


#
# The default authentication chain
# To configure external authentication subsystems see:
# http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems
#-------------
#authentication.chain=alfrescoNtlm1:alfrescoNtlm
authentication.chain=ldap1:ldap,alfrescoNtlm1:alfrescoNtlm

ntlm.authentication.sso.enabled=false
ntlm.authentication.authenticateCIFS=true

# LDAP
ldap.authentication.active=true
ldap.synchronization.active=false
ldap.authentication.java.naming.security.authentication=DIGEST-MD5
ldap.authentication.userNameFormat=%s

ldap.authentication.java.naming.provider.url=ldap://127.0.0.1:389
#ldap.authentication.java.naming.provider.url=ldaps://127.0.0.1:636

Authentication fails with "Unable to login - unknown username/password."

alfresco.log shows no entry when followed with tail -f.

tcpdump shows the following conversation:

0….`………
DIGEST-MD50…..a..
……SASL(0): successful result: …nonce="9FNZhZzKL/bK4gp0p0w8zDm4d+5wPSON+gvRj4VA/0Q=",realm="<obscured-FQDN-of-server>",qop="auth,auth-int,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=65536,charset=utf-8,algorithm=md5-sess0..,…`..%……….
DIGEST-MD5….charset=utf-8,username="graylion",realm="<obscured-FQDN-of-server>",nonce="9FNZhZzKL/bK4gp0p0w8zDm4d+5wPSON+gvRj4VA/0Q=",nc=00000001,cnonce="OS6PHN4gmvJLXurtScwftI5ybn7tX2KqTt++fi+F",digest-uri="ldap/127.0.0.1",maxbuf=65536,response=e45bf289ac2786cd10f173714ed2c63d,qop=auth0<…a7
.1…0SASL(-13): user not found: no secret in database

My SASL and LDAP setup is fully functional and successfully authenticates users for cyrus, apache and postfix.

Any ideas?

Thanks in advance.
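
Added example, not part of the original post: a minimal model of the DIGEST-MD5 check (RFC 2831, qop=auth) behind the last line of the capture, showing that the server can only verify `response` if it can retrieve a secret for the username and realm the client sent. The realm `ldap.example.test`, the password and the `secrets` dict (a stand-in for the server's secret store) are constructed placeholders.

```python
import hashlib
import hmac
import re

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def parse_directives(msg: str) -> dict:
    """Split a DIGEST-MD5 message into directives (quoted or bare values)."""
    pairs = re.findall(r'([\w-]+)=(?:"([^"]*)"|([^,]*))', msg)
    return {key: quoted or bare for key, quoted, bare in pairs}

def digest_response(password: str, d: dict) -> str:
    """RFC 2831 response value for qop=auth without an authzid."""
    a1 = md5(f"{d['username']}:{d['realm']}:{password}".encode())
    a1 += f":{d['nonce']}:{d['cnonce']}".encode()
    a2 = f"AUTHENTICATE:{d['digest-uri']}".encode()
    kd = f"{md5(a1).hex()}:{d['nonce']}:{d['nc']}:{d['cnonce']}:{d['qop']}:{md5(a2).hex()}"
    return md5(kd.encode()).hex()

def server_verify(secrets: dict, msg: str) -> str:
    """Server side: the stored secret is looked up by (username, realm)."""
    d = parse_directives(msg)
    password = secrets.get((d["username"], d["realm"]))
    if password is None:
        return "no secret in database"  # nothing to compute a response from
    expected = digest_response(password, d)
    return "ok" if hmac.compare_digest(expected, d["response"]) else "bad response"

# Constructed sample: directive values as in the capture, except the realm
# (obscured on the page) and the password, which are placeholders.
FIELDS = ('charset=utf-8,username="graylion",realm="ldap.example.test",'
          'nonce="9FNZhZzKL/bK4gp0p0w8zDm4d+5wPSON+gvRj4VA/0Q=",nc=00000001,'
          'cnonce="OS6PHN4gmvJLXurtScwftI5ybn7tX2KqTt++fi+F",'
          'digest-uri="ldap/127.0.0.1",maxbuf=65536,qop=auth')

def client_message(password: str) -> str:
    """Client side: append the computed response to the directives."""
    return FIELDS + ",response=" + digest_response(password, parse_directives(FIELDS))

if __name__ == "__main__":
    msg = client_message("constructed-password")
    same_realm = {("graylion", "ldap.example.test"): "constructed-password"}
    other_realm = {("graylion", "example.test"): "constructed-password"}
    print(server_verify(same_realm, msg))
    print(server_verify(other_realm, msg))
```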
